General discussion


restrick users access to TS application

By jamrock ·
I have W2K server Spk 4. Currently I have inhouse users accessing terminal server and all is well. We are runing an application that I would like to give access to an outside vendor but would like for him to only have access to that one application. How do I restrick him without affecting my inhouse users.
Any help is greatly appreciated. Thanks

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by erikdr In reply to restrick users access to ...

Well, OOTB answer is very simple: Windows groups with access rights, and external user in different group than internal.
So please specify what you're lacking in this and what more security you need, then we can shoot...


<Erik> - The Netherlands

Collapse -

by jlehr In reply to restrick users access to ...

You could also set that user to execute the application under the Environment tab of their AD account. The app will start upon logging in, and will boot them out once they quit that app. You have to watch out that the application you are delivering can't call up other applications though. When combined with the other solution provided, it makes for a simple method to deliver 1 application in TS.

Collapse -

by zaferus In reply to restrick users access to ...

IF he is stationary you could put him behind a firewall (like a D-Link router), creating a second private IP space just for his "network". Then it's as simple as can be to create a rule disallowing any access, then create a second rul (which will override the first) allowing only access to the TS server.

Because this comes from a different range this will also make auditing easy if you want to further make sure the vendor is only where they should be.

Related Discussions

Related Forums